What are the key-usage and extended key-usage extension values in the certificate issued by MS signtool?
Once a certificate has been issued, it cannot be changed. You have to reissue the certificate (as a new one) if you want any changes in it. You should be able to generate a certificate of whatever duration you desire with the tools; you just need to specify it explicitly when creating the certificate. Out of curiosity, what is the key-size for the key-pair of this 40-year certificate? Arshad Noor StrongAuth, Inc. [EMAIL PROTECTED] wrote: > Hi, > > When you create a test certificate with signtool it is valid only for > 3 months. > I would like to know whether it is possible to convert a microsoft > test certificate and use it with Firefox for object signing. > > This is what I try to do: > 1., I have a test.pfx created with microsoft signtool valid for 40 > years > 2., I use the pk12util to import it > > using signtool -L -d. my cert has no asterisk before the name, I guess > that is the problem. > > When using with signtool, I get this (obviously) > > Generating zigbert.sf file.. > signtool: PROBLEM signing data (Certificate not approved for this > operation) > > Since it is a test certificate is not there a way to change it to be > suitable for object signing as well? > Using microsoft certificate store, there is a way to add any kind of > object identification, anyone knows the code (OID) for this purpose > (object signing)? > > Is there another way to create (with nss tools) a test certificate > which is valid mush more time than 3 months? > > TIA, > giorgio71 > > > > _______________________________________________ > dev-tech-crypto mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-tech-crypto _______________________________________________ dev-tech-crypto mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-crypto
